Patent 

Attorney's Docket No. 032326-135 
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re Patent Application of 

Jean-Pierre LE GALL et al 

Application No.: Unassigned 

Filed: April 24, 2001 

For: METHOD AND SYSTEM FOR 
AUTHENTICATING USERS AND 
MANAGING RISK IN A 
COMMUNICATION NETWORK (AS 
AMENDED) 

PRELIMINARY AMENDMENT 

Assistant Commissioner for Patents 
Washington, D.C. 20231 

Sir: 

Prior to examination and the calculation of filing fees, kindly amend the above- 
identified application as follows: 

IN THE TITLE: 

Replace the original title with the following: 
--METHOD AND SYSTEM FOR AUTHENTICATING USERS AND MANAGING RISK 
IN A COMMUNICATION NETWORK-- 



Group Art Unit: Unassigned 
Examiner: Unassigned 




IN THE SPECIFICATION: 

Page 1, immediately following the title appearing on lines 1 and 2, insert the 
following: 

--This disclosure is based upon, and claims priority from French Application No. 
98/13440, filed on October 27, 1998 and International Application No. PCT/FR99/02233, 
filed September 21, 1999, which was published on May 4, 2000 in a language other than 
English, the contents of which are incorporated herein by reference. 
Background of the Invention-- 

Page 3, between lines 20 and 21, insert the following heading: 
--Summary of the Invention-- 

Page 6, immediately before the first paragraph, insert the following heading: 
--Brief Description of the Drawings--. 

Page 6, between lines 14 and 15, insert the following heading: 
--Detailed Description--. 

IN THE CLAIMS: 

Kindly replace claims 1-4, as follows. 

1. (Amended) A risk management system in a communication network of a 
type which includes a message service and communication devices each having an 
electronic chip card capable of calculating a cryptographic authentication certificate from a 
value supplied by the network, comprising: 

means in said chip cards for selectively enabling the calculation of a 
cryptographic certificate and its transmission to the network when certain conditions are 
fulfilled, and for transmitting to the network a message requesting evaluation of risk when 
other conditions are fulfilled, and 

means in said network for evaluating said risk according to the information 
contained in the risk evaluation request message and parameters specific to the user of the 
communication devices, and for sending a message to said enabling means in the electronic 
chip card for enabling or inhibiting the calculation and transmission of the cryptographic 
certificate. 

2. (Amended) A risk management system according to Claim 1, wherein said 
electronic chip card, executes the following steps: 

(a) checking whether the electronic chip card is in an inhibited state in order 
to determine whether to refuse an authentication request; 

(b) in the case of authorisation of the authentication request, counting the 
number (N) of requests for authentication of the electronic chip card by the network, 

(c) comparing the number (N) of authentication requests with a first 
threshold T0, 

(d) calculating a cryptographic certificate if N < T0 and transmitting it to 
the network, 

(e) comparing the number N with a second threshold T1 if N > T0, 

(f) putting the electronic chip card in the inhibited state if N > T1, and 

(g) calculating a cryptographic certificate and producing a risk assessment 
request message, and transmitting said certificate and message to the network if T0 < N < 
T1. 



3. (Amended) A system according to Claim 2, wherein the network executes 
the following steps: 

(h) analysing the risk assessment request transmitted by the electronic chip 
card, 

(i) assessing the risk according to the results of the analysis according to the 
previous step (h) and parameters specific to the user of the communication device, and 

(j) producing a response message and transmitting it to the electronic chip 
card. 



4. (Amended) A system according to claim 3, wherein the numbers N, T0 and 
T1 are monetary values corresponding respectively to a totalling of the expenditure made in 
communications sessions, a first authorised expenditure threshold and a second threshold 
beyond which the expenditure is no longer authorised. 

Add the following new claims: 

--5. A system according to claim 2, wherein the numbers N, T0 and T1 are 
monetary values corresponding respectively to a totalling of the expenditure made in 
communications sessions, a first authorised expenditure threshold and a second threshold 
beyond which the expenditure is no longer authorised. 

6. A method for managing authenticating users and managing risks in a 
communication network of a type having a message service and communication devices 
with electronic chip cards that authenticate said devices to the network, comprising the 
following steps performed in the chip card: 

(a) checking whether the electronic chip card is in an inhibited state in order 
to determine whether to refuse an authentication request; 

(b) in the case of authorisation of the authentication request, counting the 
number (N) of requests for authentication of the electronic chip card by the network, 

(c) comparing the number (N) of authentication requests with a first 
threshold T0, 

(d) calculating a cryptographic certificate if N < T0 and transmitting it to 
the network, 

(e) comparing the number N with a second threshold T1 if N > T0, 

(f) putting the electronic chip card in the inhibited state if N > T1, and 

(g) calculating a cryptographic certificate and producing a risk assessment 
request message, and transmitting said certificate and message to the network if T0 < N < 
T1. 

7. The method of claim 6 wherein the network executes the following steps: 

(h) analysing the risk assessment request transmitted by the electronic chip 
card, 

(i) assessing the risk according to the results of the analysis according to the 
previous step (h) and parameters specific to the user of the communication device, and 

(j) producing a response message and transmitting it to the electronic chip 
card. 

8. The method of claim 7 wherein the numbers N, T0 and T1 are monetary 
values corresponding respectively to a totalling of the expenditure made in communications 
sessions, a first authorised expenditure threshold and a second threshold beyond which the 
expenditure is no longer authorised. 

9. The method of claim 6 wherein the numbers N, T0 and T1 are monetary 
values corresponding respectively to a totalling of the expenditure made in communications 
sessions, a first authorised expenditure threshold and a second threshold beyond which the 
expenditure is no longer authorised.-- 

REMARKS 

Entry of the foregoing amendment is respectfully requested. This amendment is 
intended to place the claims in a more conventional format and eliminate the multiple 
dependency of the claims. 

Respectfully submitted, 



Burns, Doane, Swecker & Mathis, L.L.P. 




James A. LaBarre 
Registration No. 28,632 



P.O. Box 1404 

Alexandria, Virginia 22313-1404 
(703) 836-6620 



Date: April 24, 2001 

Attachment to Preliminary Amendment dated April 24, 2001 
Marked-up Claims 1-4 

1. (Amended) A risk management system in a [mobile telephony] 
communication network [equipped with a message service device (18), the mobile handsets 
(14) each having] of a type which includes a message service and communication devices 
each having an electronic chip card [(22) (SIM)] capable of calculating a cryptographic 
authentication certificate from a value supplied by the network, [characterised] comprising: 

[- in that the electronic chip card (22, SIM) comprises means (32)] means in 
said chip cards for selectively enabling [or not] the calculation of a cryptographic certificate 
and its transmission [(56)] to the network when certain conditions are fulfilled, [or not] and 
for transmitting to the network a message [(38)] requesting evaluation of [the] risk when 
other conditions are fulfilled, and 

[- in that the network (54) comprises means (34)] means in said network for 
evaluating [the] said risk according to the information contained in the risk evaluation 
request message [(38)] and parameters specific to the user of the [mobile handset (14, ME)] 
communication devices, and for sending a message [(40) to the said means (32) of] to said 
enabling means in the electronic chip card for enabling or [not] inhibiting the calculation 
and transmission of the cryptographic certificate. 



2. (Amended) A [method for implementing the] risk management system 
according to Claim 1, [characterised in that it comprises, in the] wherein said electronic 
chip card [(22)], executes the following steps [consisting in]: 

(a) checking [(74) the state, inhibited or not, of] whether the electronic chip 
card is in an inhibited state in order to determine whether to refuse [(75) or not the] an 
authentication request; 

(b) in the case of authorisation of the authentication request, counting [(76)] 
the number (N) of requests for authentication of the electronic chip card [(22, SIM)] by the 
network [(54)], 

(c) comparing the number (N) of authentication requests with a first 
threshold T0, 

(d) calculating a cryptographic certificate if N < T0 and transmitting it to 
the network, 

(e) comparing the number N with a second threshold T1 if N > T0, 

(f) putting the electronic chip card [(22, SIM)] in the inhibited state [(82, 
58)] if N > T1, and 

(g) calculating a cryptographic certificate [(88)] and producing a risk 
assessment request message, [(86)] and transmitting [(38, 56) them] said certificate and 
message to the network if T0 < N < T1. 



3. (Amended) A [method] system according to Claim 2, [characterised in that 
it also comprises the following steps implemented by] wherein the network [(54), consisting 
in] executes the following steps: 

(h) analysing [(94)] the risk assessment request transmitted by the electronic 
chip card [(22)], 

(i) assessing [(96, 102, 98)] the risk according to the results of the analysis 
according to the previous step (h) and parameters specific to the user of the [mobile 
handset] communication device, and 

(j) producing [(100, 104, 40)] a response message and transmitting it to the 
electronic chip card [(22)]. 

4. (Amended) A [method] system according to [one of the preceding Claims 2 
or 3, characterised in that] claim 3, wherein the numbers N, T0 and T1 are monetary values 
corresponding respectively to a totalling of the expenditure made in [telephone] 
communications sessions, a first authorised expenditure threshold and a second threshold 
beyond which the expenditure is no longer authorised. 

A RISK MANAGEMENT METHOD AND SYSTEM IN A MOBILE 
TELEPHONY NETWORK 

The invention relates to mobile telephony networks 
and more particularly, in such networks, a method and a 
system for managing the risk incurred by the operator 
of the mobile telephony network vis-a-vis users liable 
to exceed their rights or abnormal operations. 

A mobile telephony system of the GSM (the acronym 
of the English expression Global System for Mobile 
communications) type, comprises a mobile telephony 
network, managed by an operator, which makes it 
possible to connect together users each provided with a 
mobile handset ME (the acronym of the English 
expression "Mobile Equipment"), each handset comprising 
notably an electronic chip card SIM (the acronym of the 
English expression "Subscriber Identification Module"). 

In such a mobile telephony system, a certain 
number of operations are provided for the 
authentication of the SIM card by the network, at the 
time the handset is switched on, and at any other time 
in the telephone communication. 

To this end, the authentication method comprises 
the following steps consisting in: 

(1) the resetting of the card by the handset or 
mobile equipment ME and the transmission of the 
identity of the SIM card to the network, 

(2) obtaining from the network a random number RN 
at the request of the handset ME, 

(3) transmitting the random number RN to the SIM 
card by means of the handset ME, 

(4) calculating in the SIM card a first 
cryptographic certificate CC1 or cryptogram according 
to a predefined algorithm AL, using the random number 
RN supplied by the network and a secret key SC internal 
to the SIM card, 

(5) transmitting to the network, via the handset 
ME, the first cryptographic certificate CC1 calculated 
by the SIM card, 

(6) calculating a second cryptographic 
certificate CC2 by means of the network according to 
the same algorithm AL as that of the SIM card, using 
the random number RN sent to the SIM card and the 
secret internal key SC which is known to the network 
through the identity of the SIM card, 

(7) comparing the second cryptographic 
certificate CC2 with the first cryptographic 
certificate CC1, and 

(8) enabling the transaction if the comparison is 
positive or inhibiting it in the contrary case. 

Such an authentication method makes it possible to 
verify that the bearer of the handset ME with which the 
SIM card is associated is indeed authorised to enter 
into communication by means of the network. However, 
this method does not make it possible to take into 
account other conditions which would have to be 
fulfilled in order to enable the establishment of 
communication. One of the additional conditions to be 
fulfilled could, in the case of a prepayment card, be 
that the amount remaining to the credit of the bearer 
of the handset is greater than a certain predetermined 
threshold, this condition tending to limit the risk of 
any payment default. 

Moreover, the authentication methods currently 
implemented do not make it possible to detect repeated 
access requests by a fraudster using a stolen handset 
and, all the more so, blocking this access after a 
certain number of access requests. 

One aim of the present invention is therefore to 
implement a method of authenticating a subscriber card 
for a telecommunications network which makes it 
possible to take into account different conditions, 
possibly liable to change, so as to manage or limit the 
risks incurred by the operator by authorising access to 
the network. 

This aim is achieved by introducing means into the 
SIM card of the handset and into the network server; 
these means communicate with each other by means of 
messages transmitted over a service telecommunication 
channel such as the one currently used for the short 
messages service better known by the English acronym 
SMS, standing for "Short Message Service". 

The invention therefore relates to a risk 
management system in a mobile telephony network 
equipped with a message service device, the mobile 
handsets each having an electronic chip card SIM 
capable of calculating a cryptographic authentication 
certificate from a value supplied by the network, 
characterised: 

- in that the electronic chip card comprises means 
for enabling or not the calculation of a cryptographic 
certificate and its transmission to the network when 
certain conditions are fulfilled or not and for 
transmitting to the network a message requesting 
evaluation of the risk when other conditions are 
fulfilled, and 

- in that the network comprises means for 
evaluating the said risk according to the information 
contained in the risk evaluation request message and 
parameters specific to the user of the mobile handset 
and for sending a message to the said means of the 
electronic chip card for enabling or not the 
calculation and transmission of the cryptographic 
certificate. 

The invention also relates to a method for 
implementing the risk management system defined above, 
characterised in that it comprises, in the electronic 
chip card, the following steps consisting in: 

(a) checking the state, inhibited or not, of the 
electronic chip card in order to refuse or not the 
authentication request; 

(b) in the case of authorisation of the 
authentication request, counting the number N of 
requests for authentication of the electronic chip card 
by the network, 

(c) comparing the number N of authentication 
requests with a first threshold T0, 

(d) calculating a cryptographic certificate if N 
< T0 and transmitting it to the network, 

(e) comparing the number N with a second 
threshold T1 if N > T0, 

(f) putting the electronic chip card in the 
inhibited state if N > T1, and 

(g) calculating a cryptographic certificate and 
producing a risk assessment request message and 
transmitting them to the network if T0 < N < T1. 

The above method is characterised in that, in the 
network, it comprises the following additional steps 
consisting in: 

(h) analysing the risk assessment request 
transmitted by the electronic chip card, 

(i) assessing the risk according to the results 
of the analysis according to the previous step (h) and 
parameters specific to the user of the mobile handset, 
and 

(j) producing a response message and transmitting 
it to the electronic chip card. 

Other characteristics and advantages of the 
present invention will emerge from a reading of the 
following description of a particular example 
embodiment, the said description being given in 
relation to the accompanying drawings, in which: 

- Figure 1 is a diagram showing schematically the 
information flows between the different components of 
the mobile telephony network, 

- Figure 2 is a functional diagram of a risk 
management module associated with the electronic chip 
card of a mobile handset, and 

- Figure 3 is a functional diagram of a risk 
management module associated with the mobile telephony 
network. 

A mobile telephony network comprises schematically 
three parts A, B and C which are delimited vertically 
by two dotted lines 10 and 12. 

The central part B corresponds to the bilateral 
radio transmission of the communications, between a 
mobile handset 14 (or ME) and a base station 16 (or BS, 
corresponding to the acronym of the English expression 
"base station") associated with messaging equipment 18 
(or SMSC, corresponding to the acronym of the English 
expression "Short Message Service Centre"), which 
supplies the SMS (the acronym of the English expression 
"Short Message Service") defined above in the 
introduction. 

The part C corresponds to the mobile telephony 
network 54 and comprises notably a switching system 20 
(or MSC, standing for the English expression "Mobile 
Switching Centre"), a subscriber recording module 50 
(or HLR, standing for the English expression "Home 
Location Register") and an authentication module 52 (or 
AC, standing for the English expression "Authentication 
Centre"). The subscriber registration module 50 
contains the characteristics identifying each of the 
subscribers. The authentication module 52 contains the 
secret key SC of each subscriber, issues the random 
numbers RN, calculates the cryptographic certificates 
CC2 and compares the cryptographic certificate CC2 with 
the cryptographic certificate CC1 calculated by the SIM 
card. 

The part A corresponds to the characteristics of 
the subscriber to the network and comprises a SIM card 
22 which is fitted in the mobile handset 14. The 
information is exchanged bilaterally between the SIM 
card 22 and the mobile handset 14 (arrow 24), between 
the mobile handset 14 and the base station 16 (arrow 
26), between the base station 16 and the messaging 
equipment 18 (arrow 28) and between the message 
equipment 18 and the network 54 (arrow 30). 

In order to authenticate the SIM card and enable a 
communication, steps (1) to (8) of the method described 
in the introduction are executed at the initiative of 
the mobile equipment. 

According to the invention, the SIM card 22 and 
the network 54 are supplemented in order to implement 
the risk management method. To this end, the SIM card 
22 and the network 54 are each supplemented by a 
so-called risk management module, referenced 32 for the 
card and 34 for the server. 

The card module 32 contains the matters relating 
to the subscriber, whilst the network module 34 
contains the matters which are necessary to the network 
54 for interpreting the information supplied by the 
card module and making a decision with regard to the 
authentication to be executed according to certain 

More precisely, the request 36 for authentication 
of the card by the network 54 by the sending of a 
random number RN to the card 22 by means of the mobile 
handset 14 triggers the operations of the module 32 of 
the card 22. This module analyses this request 
according to criteria relating to the subscriber and 
makes a decision according to the steps in the diagram 
in Figure 2. 

Where the module 32 detects a risk, a risk 
assessment message 38 is transmitted to the network 54 
and more particularly to the management module 34, 
which makes a decision according to the steps in the 
diagram in Figure 3. This decision or response is 
transmitted to the card 22 by means of a message 40 
which results either in enabling the authentication of 
the card according to the normal procedure or 
inhibiting this authentication and more generally 
blocking the card. 

In the diagram in Figure 2, a request (step 70) 
for authentication of the card by the terminal 
commences with the transmission to the card of a random 
value or random number RN according to the arrow 36 via 
the handset ME. This authentication request is 
received by the card (step 72) and processed by the 
risk management module 32. 

This management module 32 comprises principally: 

- a state register RMS for indicating the state of 
the card, blocked or not (RMS being the acronym of the 
English expression "Risk Management Status"), 

- a counter CAC for counting the number N of 
authentication requests (CAC being the acronym of the 
English expression "Cumulative Authentication 
Counter"), 

- comparators for comparing the value N of the 
counter CAC with thresholds T0 and T1 such that T0 < 
T1. 

Where the register RMS is in the inhibited state 
(step 74), authentication is refused (step 75) so that 
the management module 32 blocks the card by means of a 
signal 58. 

Where the register RMS is not in the inhibited 
state, this authentication request increments the 
counter CAC (step 76) by one unit. The value N 
resulting from this incrementation is compared (step 
78) with the first threshold T0. 

If this incremented value is less than T0, the 
module 32 calculates (step 80) the first cryptographic 
certificate CC1 (also referred to as a cryptogram) 
according to the algorithm AL using the random value 
RA. This certificate CC1 is transmitted (56) to the 
network 54. 

If this incremented value is equal to or greater 
than T0, it is compared with the second threshold T1 
(step 80). If it is equal to or greater than T1, the 
register RMS is set to the inhibited state (step 82) 
and authentication is refused according to step 76 so 
that the management module 32 blocks the card by means 
of the signal 58. 

If the incremented value is less than T1, the 
management module produces (step 84) a risk assessment 
request message and transmits it (step 86) to the 
network 54 according to the arrow 38 in order to be 
processed therein according to the diagram in Figure 3. 

Moreover, as the second threshold T1 is not 
reached, blocking of the card is not envisaged, so that 
the card calculates the cryptographic certificate CC1 
(step 88) and transmits it (56) to the network 54. 

The risk assessment request message 38 is 
transmitted to the network 54 according to the SMS 
format and received therein (steps 90 and 92). From 
this message there are extracted the value N of the 
counter CAC and the identification number ID of the 
bearer of the SIM card. 

The risk is assessed by means of step 96 according 
to the value N, the bearer of the card and other 
specific parameters 102. 

If the risk assessment is considered to be high by 
step 98, the decision is to inhibit use of the card 
(step 100) by sending an inhibit message 40 to the 
card. 

If the assessment is not considered to be high, 
the decision is to enable use of the card (step 102) by 
sending an enable message 40 to the card. This enable 
message may contain other elements for, for example, 
resetting the counter CAC or introducing therein a 
number determined by the network module 34. 
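
The card-side and network-side decisions described above, together with the CC1/CC2 comparison of steps (1) to (8), as an added Python example that is not part of the patent text. HMAC-SHA256 stands in for the unspecified algorithm AL, the per-subscriber limit and the reset option in the network module are a hypothetical policy, and the threshold comparisons follow the description (less than T0, equal to or greater than T1).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def certificate(secret_key: bytes, rn: bytes) -> bytes:
    """Stand-in for algorithm AL (assumption: HMAC-SHA256 over RN with key SC)."""
    return hmac.new(secret_key, rn, hashlib.sha256).digest()


@dataclass
class CardRiskModule:
    """Card-side module 32: register RMS, counter CAC, thresholds T0 < T1."""
    card_id: str
    secret_key: bytes            # SC, internal to the card
    t0: int
    t1: int
    cac: int = 0                 # counter CAC, holds N
    inhibited: bool = False      # state register RMS

    def on_auth_request(self, rn: bytes):
        """Process one request; return (CC1 or None, risk request or None)."""
        if self.inhibited:                        # RMS inhibited: refuse
            return None, None
        self.cac += 1                             # count the request
        if self.cac < self.t0:                    # N < T0: normal case
            return certificate(self.secret_key, rn), None
        if self.cac >= self.t1:                   # N >= T1: block the card
            self.inhibited = True
            return None, None
        # T0 <= N < T1: still answer, but ask the network to assess the risk
        risk_request = {"id": self.card_id, "n": self.cac}   # message 38
        return certificate(self.secret_key, rn), risk_request

    def on_response(self, message: dict) -> None:
        """Apply the network's response (message 40)."""
        if message["action"] == "inhibit":
            self.inhibited = True
        elif "set_counter" in message:            # optional part of an enable
            self.cac = message["set_counter"]


@dataclass
class NetworkRiskModule:
    """Network-side module 34 with a hypothetical per-subscriber policy."""
    keys: dict                   # card id -> SC (authentication centre)
    limits: dict                 # card id -> highest N tolerated (assumed)
    reset_on_enable: bool = False

    def verify(self, card_id: str, rn: bytes, cc1: bytes) -> bool:
        """Compute CC2 and compare it with CC1 in constant time."""
        return hmac.compare_digest(cc1, certificate(self.keys[card_id], rn))

    def assess(self, risk_request: dict) -> dict:
        """Decide on message 40 from N and the subscriber's parameters."""
        limit = self.limits.get(risk_request["id"], 0)   # unknown card: limit 0
        if risk_request["n"] > limit:
            return {"action": "inhibit"}
        reply = {"action": "enable"}
        if self.reset_on_enable:
            reply["set_counter"] = 0
        return reply


def simulate(card, network, requests: int, deliver: bool = True) -> list:
    """Run `requests` authentications; `deliver=False` drops messages 38/40."""
    outcomes = []
    for _ in range(requests):
        rn = secrets.token_bytes(16)              # RN issued by the network
        cc1, risk = card.on_auth_request(rn)
        if cc1 is None:
            outcomes.append("refused")
            continue
        ok = network.verify(card.card_id, rn, cc1)
        outcome = "authenticated" if ok else "rejected"
        if risk is not None and deliver:
            reply = network.assess(risk)
            card.on_response(reply)
            outcome += "+" + reply["action"]
        elif risk is not None:
            outcome += "+unanswered"
        outcomes.append(outcome)
    return outcomes


def demo():
    """Constructed scenario: T0=3, T1=6, network tolerates N up to 4."""
    key = b"constructed-demo-key"
    network = NetworkRiskModule(keys={"card-1": key}, limits={"card-1": 4})
    answered = simulate(CardRiskModule("card-1", key, 3, 6), network, 7)
    dropped = simulate(CardRiskModule("card-1", key, 3, 6), network, 7, deliver=False)
    return answered, dropped


if __name__ == "__main__":
    print(demo())
```

In the constructed run the card blocks itself once N reaches T1 even when messages 38 and 40 are never delivered, while a delivered inhibit message takes effect on the request after the one that triggered it.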

The description of the invention which has just 
been given shows that the fitting of two risk 
management modules, one 32 in the SIM card and the 
other 34 in the network, affords flexibility of the 
risk management, partly by the card by means of 
parameters which are simple to use (values of an 
incremented counter and of thresholds T0 and T1) and 
partly by the network using more sophisticated 
parameters which may easily be modified. 

The above description shows that it is possible to 
define a method which comprises the following steps in 
the electronic chip card 22 consisting in: 

(a) checking (74) the state, blocked or not, of 
the electronic chip card in order to refuse (75) or not 
the authentication request; 

(b) in the case of authorisation of the 
authentication request, counting (76) the number N of 
requests for authentication of the electronic chip card 
(22, SIM) by the network (54), 

(c) comparing the number N of authentication 
requests with a first threshold T0, 

(d) calculating a cryptographic certificate if N 
< T0 and transmitting it to the network, 

(e) comparing the number N with a second 
threshold T1 if N > T0, 

(f) putting the electronic chip card (22, SIM) in 
the blocked state (52, 58) if N > T1, and 

(g) calculating a cryptographic certificate (88) 
and producing a risk assessment request message (86) 
and transmitting them (38, 56) to the network if T0 < N 
< T1. 

The above steps are supplemented in the network by 
the following steps consisting in: 

(h) analysing (54) the risk assessment request 
message transmitted by the electronic chip card (22), 

(i) assessing (96, 102, 98) the risk according to 
the results of the analysis according to the previous 
step (h) and specific parameters, and 

(j) producing (100, 104, 40) a response message 
and transmitting it to the electronic chip card (22). 

In describing the invention it has been assumed 
that the cryptographic certificate is calculated from a 
random number RA but it is clear that this random 
number can be replaced by a number which is not random. 

Moreover, the particular example which has been 
described relates to the detection of accesses of a 
fraudulent nature through their high number; however, 
the invention also applies to the detection of other 
conditions which would correspond to other types of 
access which would constitute a risk for the operator 
of the network such as the exceeding of a credit 
allocated to the user of a prepayment card. In this 
case, the thresholds T0 and T1 would be monetary values 
whilst the counter would be a totaller for the 
expenditure made by the user of the handset. Thus T0 
would be a threshold of authorised expenditure whilst 
T1 would be a threshold beyond which the expenditure 
would no longer be authorised. 

CLAIMS 



1. A risk management system in a mobile telephony 
network equipped with a message service device (18), 
the mobile handsets (14) each having an electronic chip 
card (22) (SIM) capable of calculating a cryptographic 
authentication certificate from a value supplied by the 
network, characterised: 

- in that the electronic chip card (22, SIM) 
comprises means (32) for enabling or not the 
calculation of a cryptographic certificate and its 
transmission (56) to the network when certain 
conditions are fulfilled or not and for transmitting to 
the network a message (38) requesting evaluation of the 
risk when other conditions are fulfilled, and 

- in that the network (54) comprises means (34) 
for evaluating the said risk according to the 
information contained in the risk evaluation request 
message (38) and parameters specific to the user of the 
mobile handset (14, ME) and for sending a message (40) 
to the said means (32) of the electronic chip card for 
enabling or not the calculation and transmission of the 
cryptographic certificate. 

2. A method for implementing the risk management 
system according to Claim 1, characterised in that it 
comprises, in the electronic chip card (22), the 
following steps consisting in: 

(a) checking (74) the state, inhibited or not, of 
the electronic chip card in order to refuse (75) or not 
the authentication request; 

(b) in the case of authorisation of the 
authentication request, counting (76) the number (N) of 
requests for authentication of the electronic chip card 
(22, SIM) by the network (54), 

(c) comparing the number (N) of authentication 
requests with a first threshold T0, 

(d) calculating a cryptographic certificate if N 
< T0 and transmitting it to the network, 

(e) comparing the number N with a second 
threshold T1 if N > T0, 

(f) putting the electronic chip card (22, SIM) in 
the inhibited state (82, 58) if N > T1, and 

(g) calculating a cryptographic certificate (88) 
and producing a risk assessment request message (86) 
and transmitting (38, 56) them to the network if T0 < N 
< T1. 

3. A method according to Claim 2, characterised 
in that it also comprises the following steps 
implemented by the network (54), consisting in: 

(h) analysing (94) the risk assessment request 
transmitted by the electronic chip card (22), 

(i) assessing (96, 102, 98) the risk according to 
the results of the analysis according to the previous 
step (h) and parameters specific to the user of the 
mobile handset, and 

(j) producing (100, 104, 40) a response message 
and transmitting it to the electronic chip card (22). 

4. A method according to one of the preceding 
Claims 2 or 3, characterised in that the numbers N, T0 
and T1 are monetary values corresponding respectively 
to a totalling of the expenditure made in telephone 
communications, a first authorised expenditure 
threshold and a second threshold beyond which the 
expenditure is no longer authorised. 